Tag Archives: loaded

Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)

Earlier this week SonicWall patched 11 vulnerabilities affecting its Network Security Appliance (NSA). Among those is CVE-2020-5135, a critical stack-based buffer overflow vulnerability in the appliances’ VPN Portal that could be exploited to cause denial of service and possibly remote code execution. About CVE-2020-5135 The SonicWall NSAs are next-generation firewall appliances, with a sandbox, an intrusion prevention system, SSL/TLS decryption and inspection capabilities, network-based malware protection, and VPN capabilities. CVE-2020-5135 was discovered by Nikita Abramov … More ? The post Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135) appeared first on Help Net Security .

Originally posted here:
Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)

Week in review: Kali Linux 2020.3, mobile security threats, ISO certs at risk of lapsing

Here’s an overview of some of last week’s most interesting news and articles: Updated cryptojacking worm steals AWS credentials A malicious cryptocurrency miner and DDoS worm that has been targeting Docker systems for months now also steals Amazon Web Services (AWS) credentials. Thousands of ISO certifications at risk of lapsing due to halted re-certification audits Thousands of valuable ISO management system certifications earned by UK companies may now be at risk because auditors from Certification … More ? The post Week in review: Kali Linux 2020.3, mobile security threats, ISO certs at risk of lapsing appeared first on Help Net Security .

Excerpt from:
Week in review: Kali Linux 2020.3, mobile security threats, ISO certs at risk of lapsing

New defense method enables telecoms, ISPs to protect consumer IoT devices

Instead of relying on customers to protect their vulnerable smart home devices from being used in cyberattacks, Ben-Gurion University of the Negev (BGU) and National University of Singapore (NUS) researchers have developed a new method that enables telecommunications and internet service providers to monitor these devices. An overview of the key steps in the proposed method According to their new study, the ability to launch massive DDoS attacks via a botnet of compromised devices is … More ? The post New defense method enables telecoms, ISPs to protect consumer IoT devices appeared first on Help Net Security .

Visit site:
New defense method enables telecoms, ISPs to protect consumer IoT devices

How do cybercriminals secure cybercrime?

Trend Micro unveiled new insights analyzing the market for underground hosting services and detailing how and where cybercriminals rent the infrastructure that hosts their business. Over the past five years, increased use and abuse of compromised assets has formed a whole new market. There are varied types of underground hosting and associated services used by cybercriminals to operate their businesses, including bulletproof hosting, VPNs, anonymizers, and DDoS protection. Such services could variously be used to … More ? The post How do cybercriminals secure cybercrime? appeared first on Help Net Security .

More:
How do cybercriminals secure cybercrime?

In addition to traditional DDoS attacks, researchers see various abnormal traffic patterns

In the first quarter of 2020, DDoS attacks rose more than 278% compared to Q1 2019, and more than 542% compared to the last quarter, as published in the Nexusguard Q1 2020 Threat Report. DDoS attacks have become a global risk, and as attacks continue to increase in complexity, further spurred by the pandemic, ISPs will have to strengthen their security measures. Undetectable and abnormal traffic patternss While DDoS attacks disrupt service for large companies … More ? The post In addition to traditional DDoS attacks, researchers see various abnormal traffic patterns appeared first on Help Net Security .

Read More:
In addition to traditional DDoS attacks, researchers see various abnormal traffic patterns

Week in review: DDoS attack trends, WannaCry lessons, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles: Zero-day flaws in widespread TCP/IP library open millions of IoT devices to remote attack 19 vulnerabilities – some of them allowing remote code execution – have been discovered in a TCP/IP stack/library used in hundreds of millions of IoT and OT devices deployed by organizations in a wide variety of industries and sectors. Data Protection Officer independence: Ethical and practical considerations In … More ? The post Week in review: DDoS attack trends, WannaCry lessons, new issue of (IN)SECURE appeared first on Help Net Security .

Read More:
Week in review: DDoS attack trends, WannaCry lessons, new issue of (IN)SECURE

Complexity and size of DDoS attacks have increased

The complexity and size of DDoS attacks in 2019 has increased significantly compared to 2018. A report published by NaWas by NBIP concludes that despite the number of attacks has decreased slightly over 2019, their complexity and size has increased significantly. Fewer attacks, more complexity and larger in size Slightly fewer DDoS attacks were observed in 2019 compared to 2018 (919 attacks and 938 attacks respectively). In addition, the number of participants increased by almost … More ? The post Complexity and size of DDoS attacks have increased appeared first on Help Net Security .

Continued here:
Complexity and size of DDoS attacks have increased

UPnP vulnerability lets attackers steal data, scan internal networks

A vulnerability (CVE-2020-12695) in Universal Plug and Play (UPnP), which is implemented in billions of networked and IoT devices – personal computers, printers, mobile devices, routers, gaming consoles, Wi-Fi access points, and so on – may allow unauthenticated, remote attackers to exfiltrate data, scan internal networks or make the devices participate in DDoS attacks. The post UPnP vulnerability lets attackers steal data, scan internal networks appeared first on Help Net Security .

Read the article:
UPnP vulnerability lets attackers steal data, scan internal networks

What’s trending on the underground market?

Trust has eroded among criminal interactions, causing a switch to e-commerce platforms and communication using Discord, which both increase user anonymization, Trend Micro reveals. Popular underground goods and services The report reveals that determined efforts by law enforcement appear to be having an impact on the cybercrime underground. Several forums have been taken down by global police entities, and remaining forums experience persistent DDoS attacks and log-in problems impacting their usefulness. Loss of trust led … More ? The post What’s trending on the underground market? appeared first on Help Net Security .

Read More:
What’s trending on the underground market?

Client-side web security

To address attacks such as XSS, Magecart and other card skimming exploits found in modern eCommerce environments, the use of client-side web security methods is beginning to emerge as a particularly useful practice. Obviously, enterprise teams should integrate client-side protections with desired server-side countermeasures to ensure a full risk management profile (e.g., the client-side is a poor selection point to stop denial of service). Several standards-based client-side security approaches have begun to mature that are … More ? The post Client-side web security appeared first on Help Net Security .

Read More:
Client-side web security